Bug 700813

Summary: Move DNSSEC key to .org besides DLV
Product: [Fedora] Fedora Documentation Reporter: Tobias Burnus <tobias.burnus>
Component: fedora-websitesAssignee: Fedora Websites Team <web-members>
Status: CLOSED NOTABUG QA Contact: Karsten Wade <kwade>
Severity: medium Docs Contact:
Priority: unspecified    
Version: develCC: nb, nman64
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-04-29 21:31:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tobias Burnus 2011-04-29 13:29:57 UTC 
The domain "fedoraproject.org" is DNSSEC signed; however, the key is only in DLV and not in .org.

Currently: Domain shows up as "orange" with Firefox's DNSSEC AddOn as it is signed but there is no trust chain from ".".

Expected: The DNSSEC key is also included as DS in .org.

See http://dnsviz.net/d/fedoraproject.org/dnssec/


As the domain is already signed and the key is in DLV, it should be straight forward to include it also there.


Side remark: As .com domains can be now also signed, you could consider also DNSSEC signing bugzilla.redhat.com (cf. http://dnsviz.net/d/bugzilla.redhat.com/dnssec/ )
Comment 1 Karsten Wade 2011-04-29 21:31:22 UTC 
Thanks for your report, please allow me to direct you to where to pursue the matter.

For fedoraproject.org DNS, you would normally either email webmaster or file a ticket in the Fedora Infrastructure team's Trac instance:

https://fedorahosted.org/fedora-websites/

The Fedora teams do not work with the domain admins for redhat.com. You can reach them at domainadmin.

Regarding DNSSEC, I asked about this ticket on IRC (#fedora-websites or #fedora-admin on irc.freenode.net), and was informed that one of the team is  already working on DNSSEC but may be waiting for our registrar to support DNSSEC. If you want to learn more or think you can help further, please use the Fedora Infrastructure team contact information from above.